Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Ssecurity Accounts user1] 'Start' = '00000002'
- %PROGRAM_FILES%\Remote\Remote.exe
- %TEMP%\21781341.tmp
- '22###.rhelper.com':1980
- DNS ASK 22###.rhelper.com
- ClassName: '' WindowName: '???????? ????'
- ClassName: '' WindowName: '????????????'
- ClassName: '' WindowName: '????????????????'